From 89cd8fa88c6fbafa75e69535911f713e9c56c946 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Fri, 4 Jan 2019 10:14:30 -0100
Subject: only valid base64

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 lib/Model/LinkedDataSignature.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/Model/LinkedDataSignature.php b/lib/Model/LinkedDataSignature.php
index 0244e6ba..abf4406d 100644
--- a/lib/Model/LinkedDataSignature.php
+++ b/lib/Model/LinkedDataSignature.php
@@ -273,10 +273,11 @@ class LinkedDataSignature implements JsonSerializable {
 			$algo = OPENSSL_ALGO_SHA256;
 		}
 
-		if (openssl_verify(
-				$hashHeader . $hashObject, base64_decode($this->getSignatureValue()),
-				$this->getPublicKey(), $algo
-			) === 1) {
+		$signed = base64_decode($this->getSignatureValue());
+		if ($signed !== false
+			&& openssl_verify(
+				   $hashHeader . $hashObject, $signed, $this->getPublicKey(), $algo
+			   ) === 1) {
 			return true;
 		}
 
-- 
cgit v1.2.3